WASHINGTON, D.C. — Today, U.S. Representatives Mike Quigley (IL-05) and John Katko (NY-24) introduced the bipartisan Prevent Election Hacking Act of 2018 to help combat the threat of election hacking. The legislation will create a competition, commonly known as a bug bounty program, that rewards cyber experts that are able to identify vulnerabilities in our election infrastructure.

“As we saw in the last election cycle, our adversaries are committed to interfering in our nation’s democratic process,” said Rep. Katko. “This is a grave threat to our country and our nation’s security. Our voting systems remain vulnerable to hacking, and we must do more to protect against cyber aggression. This is an issue we must work across the aisle to address, and I’m proud to take the lead with my colleague Rep. Quigley. The bipartisan measure we’ve introduced today will help ensure our nation’s foremost experts on cybersecurity have the tools that they need to identify and combat malicious cyberattacks against our democracy.”

“Our foreign adversaries don’t have to hack into every single board of election to undermine our democratic process; it just takes a couple to achieve their goal of eroding public trust in our electoral system,” said Rep Quigley.” Unfortunately, many state and local election boards don’t even know when they’ve been hacked—either because they don’t know what to look for or don’t have the technology needed to help spot an intrusion. That is why we must continue to better understand the vulnerabilities that exist so we can implement infrastructure upgrades that address them head on. This important bill will enlist the unique knowledge of cybersecurity experts to safeguard the foundation of our democracy—the right to free and fair elections.

The Intelligence Community has determined that at least twenty-one state election systems were targeted in the lead-up to the 2016 elections. While there was no evidence of Russia tampering with the vote count process, that does not mean Russia or another adversary will not try to attack us again in upcoming elections. Voting machines and election databases across the country remain woefully outdated and highly susceptible to outside interference. In fact, an estimated 41 states still use voting machines that have not been replaced in over a decade and thirteen states continue to use machines that fail to produce the paper ballots or records necessary to perform audits.

By allowing the Department of Homeland Security (DHS) to establish a recurring “Hack the Election” competition, we can give independent cyber experts the opportunity to assist participating state and local election officials, who often times lack the necessary cybersecurity training and guidance to prevent hacking attempts, uncover both new and existing threats to their systems. With these vulnerabilities detected by outside experts, DHS can focus its resources on providing election officials with the technical assistance needed to bolster their cybersecurity defenses.

Each year, DefCon organizes a hacking conference designed to educate the computer security community about potential weaknesses of the voting systems used in U.S. elections and get them involved in fixing them. It took last year’s attendees less than a day to find and exploit vulnerabilities in five different voting machine types. This bill builds on that model.